HackerLangs
TopNewTrendsCommentsPastAskShowJobs

concinds

5,328 karmajoined vor 10 Jahren

Submissions

Evolving Verifiable Trust: Bringing Binary Transparency to the Android Ecosystem

blog.google
2 points·by concinds·vor 2 Monaten·0 comments

Tell HN: macOS supports instant snapshot rollbacks

2 points·by concinds·vor 4 Monaten·1 comments

comments

concinds
·vor 15 Stunden·discuss
We focus too much on details and not the overall picture.

If you're a parent, one factor matters more than any other: the parents' emotional health determines the children's emotional health. Whether the parents have secure attachment, any intimacy/trust issues, high or low self-esteem, anxious or not, self-aware, how repressed they are, how comfortable with their own and others' emotions...

If a parent is uncomfortable with their thoughts/emotions and compensates with digital distractions, the issue isn't the phone. The media obsesses too much over symptoms and not causes.
concinds
·vor 20 Tagen·discuss
'It's worse for our users, but easier for our developers' is an unacceptable tradeoff, they deserve the backlash.
concinds
·letzten Monat·discuss
You are far too empathetic to them. They should not hold the jobs they have.

These are the people writing React monstrosities for government benefit websites, and testing them on fast iPhones and fast 4G, without realizing that every page load for actual users will take 30 seconds on their old $200 Android on 3G, and users won’t complete the form.

It’s a culture of not giving a shit, that’s the deeper issue.
concinds
·letzten Monat·discuss
Does not address Apple’s specific allegation, that the EU demanded that competing AIs have direct systemwide access to all apps and data, while Apple wanted to add an intermediation layer which Siri or competitors would plug into, and which would force the same level of user visibility (a popup at the top) over any AI’s behavior.

I don’t know why the EU allowed Apple to intermediate other browser engines with BrowserEngineKit, which is unacceptable, while blocking it here where it is reasonable.
concinds
·vor 2 Monaten·discuss
Edit: ignore
concinds
·vor 2 Monaten·discuss
> What an absurd claim. Apple trails behind

Recently there was an Anki vulnerability that gave any website access to any local files. On Windows or Linux this would be deadly. On macOS, Anki can't access my desktop or documents or Chrome storage or password manager storage. I think Apple's been smart about which security features it prioritizes.
concinds
·vor 2 Monaten·discuss
I wonder how well Apple has deployed these tools internally for security research.

Since mid-April Chrome showed 302 vulnerabilities patched, 225 of them found by Google. Same period last year was 19 vulnerabilities. They've also become more transparent recently, disclosing vulnerabilities found internally, not just externally (which Apple still doesn't appear to do). From the outside, it's hard to tell if Apple has deployed this tooling as much as Google.
concinds
·vor 2 Monaten·discuss
Anything can be turned into emotion-provoking content. That's circular. It's like saying: "viral things go viral, so if you assume no thumb on the scale, then there was no thumb on the scale". Occam's Razor can hide fallacies, there's no reason to assume that the simplest hypothesis is that there was no thumb on the scale. Arguably it's the opposite.
concinds
·vor 2 Monaten·discuss
Yeah, the pain/reward ratio is against vibecoded replacements for mature tools. Piracy is cheaper than tokens.

But over the next 5 years I expect a growth in Blender-like open-source projects aiming to take on the big closed-source elephants. Code is cheaper now. The main downside of LLM coding, unmaintainable spaghetti code, can be mitigated effectively with discipline and coordination.

You still need maintainers to uphold contribution standards, but people will throw tokens at you. A small, disciplined team can go a long way, make a decent enough product, and then attract the institutional money (like Blender did) and hit that growth curve where everyone rallies you and you've won.

Lots of companies would have a vested interest in reducing these dependencies to Adobe et al., or have a more customizable product. Competitive professional tools, more like Blender and less like GIMP, but in other areas, like DAWs, CADs, and others.
concinds
·vor 2 Monaten·discuss
So far, Google has been better than Apple at treating AI as a technology/feature and not just a product.

Staying on hold for you. Google Lens on that coat or bag. Warning you in the middle of a text convo with a stranger, if the conversation veers into typical scam patterns. Better text/email spam detection than Apple. Hanging up spoofed calls posing as your bank. Magic Cue. Magic Eraser. Better transcriptions and translations, in far more languages.

And who could forget, a good touchscreen keyboard. Those are real "AI as a feature". Not a better Siri.
concinds
·vor 2 Monaten·discuss
> Most companys spend enormous amounts on security with vast armys of security employees

This is true in America in many industries now, but most of the rest of the world (even the rest of the OECD) is still far behind.
concinds
·vor 2 Monaten·discuss
"Routed to a human" is what the suicide hotline numbers do. OpenAI employees are neither trained nor credible to do that stuff.
concinds
·vor 2 Monaten·discuss
It is not desirable to have mass adoption of DNSSEC, or to try to incentivize that.
concinds
·vor 2 Monaten·discuss
The second half of your comment is a go-to-market concern but doesn't feel so relevant for a research prototype. It could be done with a private local model too, maybe not by Google.

But I don't think the voice problem is surmountable. I closed their image editing demo when I saw it required a mic.

It would be appealing as a Spotlight-like text pop-up interface where you type instructions, which would work in social/office environments, but that might only appeal to power users.
concinds
·vor 2 Monaten·discuss
That's probably all the hardening the average person needs. BlockBlock because most malware tries to get persistence. Little Snitch or LuLu for fine-grained whitelisting of network requests for any apps that have plugins (e.g. you give Documents permissions to Obsidian, plugins inherit that, but they can't exfiltrate if you only allow requests to trusted domains).
concinds
·vor 2 Monaten·discuss
I don't think so

https://x.com/AISecurityInst/status/2049868227740565890
concinds
·vor 2 Monaten·discuss
These models demonstrably have good vulnerability research capabilities.

I'm sure their marketing department is ecstatic but you guys are far more hype-based than what you're calling out.
concinds
·vor 2 Monaten·discuss
Sure. macOS, iOS and Windows have local model APIs for third-party devs. Chrome is trialing it. Firefox uses models to generate alt-text, but no API.

In theory it's useful. If devs can rely on local models, it's more private and decentralized, they don't need to funnel money to AWS or Anthropic. There are low-stakes use cases that only make sense if they're local (available offline) and free.

But in practice I've seen zero adoption of Apple Foundation Models in native apps. I wonder if any Mac/iOS devs have anything to share on this.
concinds
·vor 2 Monaten·discuss
Reading that Canonical thread was jaw-dropping. Paraphrased: "Rust is more secure, security is our priority, therefore deploying this full-rewrite of core utils is an emergency. If things break that's fine, we'll fix it :)".

I would not want to run any code on my machines made by people who think like this. And I'm pro-Rust. Rust is only "more secure" all else being equal. But all else is not equal.

A rewrite necessarily has orders of magnitude more bugs and vulnerabilities than a decades-old well-maintained codebase, so the security argument was only valid for a long-term transition, not a rushed one. And the people downplaying user impact post-rollout, arguing that "this is how we'll surface bugs", and "the old coreutils didn't have proper test cases anyway" are so irresponsible. Users are not lab rats. Maintainers have a moral responsibility to not harm users' systems' reliability (I know that's a minority opinion these days). Their reasoning was flawed, and their values were wrong.
concinds
·vor 2 Monaten·discuss
> while a portion of this rise obviously consists of troubled/[...], a huge part of the rise of gambling is from desperation

Is that really so? It's a get-rich-quick scheme and absolutely no one is under any illusions otherwise, including the people gambling their rent money. They know it's a very long shot and that most people don't make bank, but they hope it'll go different for them.

WallStreetBets, just another form of gambling, is filled with posts of people losing everything but it doesn't seem to stop newbies.

The gap between troubled/problem/addicted and "desperate" has to be paper thin, if it exists at all.